FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-25 11:22:49 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
6601c08d-a46c-11ec-8be6-d4c9ef517024	Apache httpd -- Multiple vulnerabilities The Apache httpd project reports: mod_lua: Use of uninitialized value of in r:parsebody (moderate) (CVE-2022-22719) A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. HTTP request smuggling vulnerability (important) (CVE-2022-22720) httpd fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody (low) (CVE-2022-22721) If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. mod_sed: Read/write beyond bounds (important) (CVE-2022-23924) Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. Discovery 2022-03-14 Entry 2022-03-15 apache24 < 2.4.53 CVE-2022-22719 CVE-2022-22720 CVE-2022-22721 CVE-2022-23943 https://httpd.apache.org/security/vulnerabilities_24.html

VuXML ID

Description

6601c08d-a46c-11ec-8be6-d4c9ef517024

Apache httpd -- Multiple vulnerabilities

The Apache httpd project reports:

mod_lua: Use of uninitialized value of in r:parsebody (moderate) (CVE-2022-22719)
A carefully crafted request body can cause a read to a random memory area which could cause the process to crash.

HTTP request smuggling vulnerability (important) (CVE-2022-22720)
httpd fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling

core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody (low) (CVE-2022-22721)
If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes.

mod_sed: Read/write beyond bounds (important) (CVE-2022-23924)

Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data.

Discovery 2022-03-14
Entry 2022-03-15
apache24

< 2.4.53

CVE-2022-22719
CVE-2022-22720
CVE-2022-22721
CVE-2022-23943
https://httpd.apache.org/security/vulnerabilities_24.html